Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv · GHSA-3m2r-q8x3-xmf7 · GitHub Advisory Database · GitHub

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv

Moderate severity GitHub Reviewed Published Oct 16, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

Microsoft.AspNetCore.All (NuGet)

Affected versions

>= 2.0.0, < 2.0.8

Patched versions

2.0.8

Microsoft.AspNetCore.Server.Kestrel.Core (NuGet)

>= 2.0.0, < 2.0.3

2.0.3

Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions (NuGet)

>= 2.0.0, < 2.0.3

2.0.3

Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv (NuGet)

>= 2.0.0, < 2.0.3

2.0.3

Description

Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where
a specially crafted request can cause excess resource consumption in Kestrel.

References

Published to the GitHub Advisory Database Oct 16, 2018

Reviewed Jun 16, 2020

Last updated Jan 9, 2023